LinkedIn Corp. users claim the professional networking website sent unsolicited messages to friends, associates, former spouses and business adversaries after hacking user email accounts without consent.
In a lawsuit filed Tuesday, plaintiffs claim the company broke into their outside email accounts and stole addresses for thousands of people they have exchanged emails with. Those individuals were then sent emails containing pictures and names from the LinkedIn user, asking them to join.
If the recipients did not join, two unauthorized follow up emails were sent, further adding to potential embarrassment, the proposed class action suit claims.
“If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn’s,” the Sept. 17 complaint said.
The company requests a user’s personal email during signup but gives no explanation, the suit said. Users never consent to have emails sent to huge numbers of recent and long-past email recipients when they click a button asking them to stay in touch with “contacts” who aren’t yet on LinkedIn, the suit said.
The webpage asking users to connect to others shows a handful of contacts taken from user’s third party email, the suit alleges, when the site actually is asking to harvest emails for potentially thousands of individuals.
An initial email with the user’s likeness is sent to each address, asking the individual to join LinkedIn like the user they may know. Users can’t easily stop follow up emails, the suit alleges, and can only halt them by deselecting each targeted address individually.
“If a Linkedln user discovers that emails have been sent on his or her behalf to thousands of email addresses, there is no practical way to stop a second and third email from going out to these email addresses,” the suit said.
If two thousand addresses are emailed, the suit estimates that stopping follow up emails for each address would take 11 hours.
The online networking site thrives financially on expanding its user base, estimated at 225 million users, the suit said, and avoids the cost of finding potential new users by taking names from user emails and emailing them directly.
The emails are worth money to the company, the suit claims, pointing out that LinkedIn users must spend $10 to email users they aren’t directly connected to through LinkedIn.
The Tuesday complaint alleges violations of the federal Electronic Communications Privacy Act, the Stored Communications Act and California’s Comprehensive Data Access and Fraud Act, the Invasion of Privacy Act, the Consumer Remedies Act and the state’s common law right of publicity.
The proposed class in the lawsuit includes users past and present who had accounts registered as of May 15, 2013 and who had names, photographs or likenesses used in endorsement emails from the company sent to third parties.
A representative from LinkedIn did not immediately respond to a request for comment.
The lawsuit is 5:13-cv-04303 in the Northern District of California.